General

  • Target

    677862ec62130345467fc6472bfbeff124fd2716897db3f8549c29f016ef13cd.exe

  • Size

    408KB

  • Sample

    241004-b1p9vsxdpp

  • MD5

    37ec6ac7a655216941a30dc46fe1b189

  • SHA1

    cf6637aabee2fd26a76e30db0a289201305372fb

  • SHA256

    677862ec62130345467fc6472bfbeff124fd2716897db3f8549c29f016ef13cd

  • SHA512

    ec33b2631e538d29bf35612e247ec61baf56c5202df6728b4e10b03ae6c9438ceafc698474b289b102ff3a6607d6399af24ed7daee4debd38062d48c22ac4edc

  • SSDEEP

    12288:nLYJvfeQmGFFxAKKWKuQLTRURHjZl3EBoYruJ3StafO:L5I5KW5pPW/n

Malware Config

Extracted

  • Family

    vidar

  • Version

    11

  • Botnet

    bb7310eab4245006f125c442da2d1e50

  • C2

    https://steamcommunity.com/profiles/76561199780418869

    https://t.me/ae5ed

  • Attributes

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

  • Family

    lumma

  • C2

    https://beearvagueo.site/api

Targets

    • Target

      677862ec62130345467fc6472bfbeff124fd2716897db3f8549c29f016ef13cd.exe

    • Detect Vidar Stealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks